# blocklists.list - lists the remote blocklists that pglcmd handles.
# Place one URL per line for every blocklist.
# Any line which starts with a # (hash) is a comment and is ignored.
# Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for detailed
# information about some available blocklists.
# Instead or additionally to the remote blocklists that are specified here, you
# can put local blocklists in LOCAL_BLOCKLIST_DIR (/etc/pgl/blocklists.local/).
# All blocklists in that directory (except those in subdirectories, or which end
# in "~" or start with ".") are used. They may be in any supported format and
# have to be either unpacked or gzip'ped.
# Do a "pglcmd reload" (or "restart" or "update") when you have edited this
# file.

So my lists are not updated via URL/PGL because I download them manually with my browser and keep them in my home directory. The lists are local, could this be part of the problem? I also tried moving all the lists directly to /etc/pgl/blocklists.local and loaded them up from there, but that just made things worse. And as you can see, /etc/pgl/blocklists.list has not been changed in any way. Do I need to add the paths to my local blocklist here?

But on the last step, installing the .deb file, the software center said it was a dummy package and being ignorant of what that meant, I didn't install it. I was trying to install this because of what I had read earlier in this thread and thought it might solve this problem.

Just as a side note, I want to say thanks for the clear, step-by-step install instructions at moblock-deb.sourceforge.net. Having that there has always made a HUGE difference for me. I've even used it to help me figure out how to install other software when I was still learning how to do it.

So I removed all the old lists (and did "sudo pglcmd force-reload"),
made the multicast blocklist and added it (through the GUI),
restarted my system,
turned on pglgui, pressed start, got no error but the list didn't load.
Pressed start again and got the pop-up error message.

I even tried manually adding the multicast IP range to the master_blocklist.p2p but it didn't take. But I don't know what the format looks like for IP ranges in this file anyway (I'm assuming it's different and don't even know if this would work).

I'd like to try adding a list just using the command line, but honestly, I don't know how to do it. I see

Code:

pgld [-c CHARSET] -m [BLOCKLIST(S)]

so if I have my list here: /home/anonymous/Lists/Multicast.gz, is this the command to load it?:

Code:

pgld -c UTF-8 -m /home/anonymous/Lists/Multicast.gz

I don't even know if it's UTF-8 or not, let alone figuring that out.

I also tried using the URL instead of local lists (blocklist name was bluetack_dshield here), and got some different results (pgld.log was the same as before though):

Re: General MoBlock thread

Originally Posted by lemwt

They are also .gz format.

While rereading your post I just realized that you are using packed blocklists. I think we removed support for that in pgld itself (IMHO extracting should be done with external applications, which are installed anyway. Further, there is not only gz out there, but also others like 7z).
Anyway, unpack your blocklists and try again.

Please note that pgld depends on correctly inserted iptables rules (this is done by pglcmd on "pglcmd start"). Only starting pgld will not work.

CAUTION: master_blocklist.p2p is generated automatically from all local blocklists and the remote lists specified in /etc/pgl/blocklists.list. Manually adding ranges may, if at all, just work for a short time.

But on the last step, installing the .deb file, the software center said it was a dummy package and being ignorant of what that meant, I didn't install it. I was trying to install this because of what I had read earlier in this thread and thought it might solve this problem.

This relates to the transitional packages moblock, blockcontrol and mobloquer/pgl-gui, which just install the real new packages pgld, pglcmd and pglgui.

Whitelisting ports (e.g. 80 and 443 outbound) is still a security risk, because malicious hosts might listen on these ports and thus circumvent pgl's protection.
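Added example (not part of the original posts and not pgl's own code): a pre-flight check for a local blocklist such as the Multicast.gz mentioned above. It reports whether the file is still gzip-packed, which charset it decodes as (the value for pgld's `-c` option), and which lines are not valid ranges. It assumes the PeerGuardian plain-text P2P format, `label:first_ip-last_ip` with one range per line; the function names and the sample data are constructed for illustration.

```python
import gzip
import ipaddress

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream

def read_blocklist(raw: bytes):
    """Return (text, was_gzipped, charset) for a blocklist file's raw bytes."""
    was_gzipped = raw.startswith(GZIP_MAGIC)
    if was_gzipped:
        raw = gzip.decompress(raw)
    try:
        return raw.decode("utf-8"), was_gzipped, "UTF-8"
    except UnicodeDecodeError:
        # ISO-8859-1 maps every byte value, so this fallback cannot fail.
        return raw.decode("iso-8859-1"), was_gzipped, "ISO-8859-1"

def parse_p2p(text: str):
    """Split P2P lines into valid (label, first, last) ranges and rejects."""
    ranges, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':' themselves, so split on the last one.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not (sep and dash):
                raise ValueError("expected label:first_ip-last_ip")
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip())
            if lo > hi:
                raise ValueError("range start is above range end")
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        ranges.append((label, lo, hi))
    return ranges, rejected

# Constructed sample: a gzipped list with one deliberately broken line.
SAMPLE = gzip.compress(
    "# constructed sample\n"
    "Multicast:224.0.0.0-239.255.255.255\n"
    "Caf\u00e9 net: test:192.0.2.10-192.0.2.20\n"
    "Broken:192.0.2.50-192.0.2.5\n".encode("utf-8")
)

if __name__ == "__main__":
    text, gz, charset = read_blocklist(SAMPLE)
    ranges, rejected = parse_p2p(text)
    print(f"gzipped={gz} charset={charset} valid={len(ranges)} rejected={rejected}")
```
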

Re: General MoBlock thread

pglgui needs some improvement for local blocklists.
E.g. pglgui is too strict about the allowed local blocklists. pglgui is just an extension for pgld/pglcmd - they allow using blocklists with any extension (as long as they are in a known format).
There also seem to be some issues with removing local blocklists. We are working on this.

Although the problems I know of are not related to your problems, please don't use pglgui to set your local blocklists for now.

So let's start fresh again: Please be careful to exactly follow the following instructions (not more, not less) to avoid any misunderstandings.

Code:

sudo pglcmd stop

Code:

sudo pglcmd status

You should get the following output:

Code:

Run "status" as root to verify your iptables settings!
[FAIL] pgld is not running ... failed!
[FAIL] pglcmd.wd is not running ... failed!

Re: General MoBlock thread

Well, that was easy
Seeing this whole story, I guess you were just hit by the problems in pglgui we just recently realized. pgld and pglcmd were not affected.

Originally Posted by lemwt

I'd like to add my allow list now. Where or how should I add it?

Per default /etc/pgl/allow.p2p is used for incoming and outgoing connections (you should not use it for forwarded connections, e.g. in routers/for virtual machines).
No support for that in pglgui yet.
And in the long run, there are major changes planned for this. But nothing to worry about now. And I will make the changes compatible with the current setup.

Re: General MoBlock thread

I've posted these questions on sourceforge already but the forum there seems to be deserted...

So I'll try my luck here:

1) Is there any difference (especially concerning security) between running pglgui as normal user (and using gksu/gksudo to actually start the filter) and running it directly as root?
I know that I should avoid starting applications as root, but pgl needs root's power to change iptables anyway...

2) How to update default lists in pgl? Does pgl update them on its own somehow, if so, is there some indicator that the lists are actually up to date?